Did FBI informant turn to the 'dark side'?

Or was he a victim of FBI retribution? The arrest of a noted 'white hat' -- one of the supposed good guys in the trade -- exposes the murky relationship between federal investigators and hackers
Written by Bob Sullivan, Contributor on

The world of computer hackers divides itself into good and bad by hat colour, and the good guys are supposed to wear white. So when the owner of "whitehats.com" was arrested earlier this year, it sent shudders through the secretive security community.

Max Vision, regarded as a classic upstanding white hat -- and, it turns out, an FBI informant -- was indicted for breaking into government computers. The case illustrates the often awkward love-hate relationship between hackers and law enforcement agencies.

Max Ray Butler, 28, also known as Max Vision, was charged in March with hacking into the US department of defence and other sensitive government computer systems. But Butler is not your typical precocious teenage hacker. According to his complaint, Butler has worked as an FBI informant for two years.

Butler is also by most accounts an upstanding member of the security industry. He writes free software that helps companies catch computer intruders, frequently posts notes to security mailing lists, describes himself as an "expert in ethical hacking", and was regarded by many in the security community as a genuine "white hat".

The FBI wouldn't discuss its case, and Butler directed questions about his case to his lawyer, Jennifer Granick.

But several of Butler's friends say the arrest was the result of deal gone bad.

They suggest Butler was caught hacking, then agreed to act as an FBI consultant to avoid jail time. The deal went sour at some point, and then he was charged. Granick refused to discuss details, but she did hint her client was charged out of retribution.

"Even after the facts of this case arose, they continued to want his assistance, but at a certain point they had a disagreement about what kind of assistance he was providing them and at that point he was charged," Granick said. "They certainly seem to have a love-hate relationship with [hackers]."

When Butler next appears in court in September, computer hackers and law enforcement agents will watch the case carefully as, for one of the first times, a federal court will take up just how cosy investigators should get with the computer underground. But no matter the outcome of the case, say some security experts, hackers and federal authorities will continue their often tense relations. In fact, the two groups need each other, according to Kevin Poulsen, perhaps the second most famous convicted computer hacker behind Kevin Mitnick. Poulsen has said there is an irresistible attraction between law enforcement and hackers.

"Hackers tend to have a certain mindset, a mischievousness, a cleverness when it comes to figuring out things, definitely a sneakiness. The only place a hacker can use that part of the brain legally is in the government," he said. Poulsen, who served a five year term for rigging radio station contests, was himself turned in by a computer criminal-turned-informant.

"It is love-hate. It goes both ways. The government needs that kind of talent to get those kinds of things done, and hackers are drawn to places where they can use their talents without risk of jail time."

Still, many law enforcement officers, say that is no different from the use of informants in the real world.

"There is no difference between using a hacker as a cooperator versus using a drug dealer as a cooperator. Sometimes it takes a thief to catch a thief," said Elliot Turrini, who prosecuted the Melissa virus author for the US department of justice.

But computer hackers respond that drug buyers and "grey hats" -- hackers who work on the edge of legality -- shouldn't be compared. In the murky, nickname-laden world of computer security, the lines between research and illegal activity are often blurry, they say.

"I don't think there's a single security person out there who hasn't scanned a site and done something that could be considered illegal," said Dragos Ruiu, a Butler friend and chief exec of security firm Dursec.com.

Hackers -- "white hats" -- scan computers from across the Internet to see if they are vulnerable; computer intruders -- "black hats" -- then take that information and break into the computer. It's unclear if scanning alone is illegal or simply a harmless "knock on the door".

In fact, the lines are so blurry that according to one federal prosecutor who requested anonymity, the US department of justice is currently engaged in its own internal ethical debate about how much "illegal" hacking undercover FBI agents should be allowed to perform during investigations.

Engaging in such activity is necessary because only by showing such skills can an undercover agent gain the trust of computer criminals, the source said.

And if they can't engage in those activities themselves, they sometimes get hackers to do it for them. Ruiu, of Vancouver, Canada, said he's been approached by law enforcement officers during his career and asked to perform questionable tasks.

"I remember thinking 'I don't know if law enforcement should be involved in this," he said. "And am I doing something that is going to come back and bite me?" He worries that if Butler is sent to jail, security professionals will stop cooperating with authorities all together.

Go to Pt II/ Staying clean

Take me to the Summer of Hacking Special

Take me to Hackers

What do you think? Tell the Mailroom. And read what others have said.

Editorial standards


Ransomware: This is how half of attacks begin, and this is how you can stop them

Ransomware: This is how half of attacks begin, and this is how you can stop them

This device claims to solve everyone's biggest remote work problem
Logitech Sight

This device claims to solve everyone's biggest remote work problem

After being smashed into by a NASA spacecraft, Dimorphos asteroid grows a tail

After being smashed into by a NASA spacecraft, Dimorphos asteroid grows a tail